Windows Insider MVP 2022!

Not at the beginning of the year anymore, but that doesn’t make it any less special and that still makes an awesome start of the year! I just received that great email stating that I’m re-awarded as a Windows Insider MVP! Still a great feeling! I feel really proud, honored and privileged to be awarded with my fourth Windows Insider MVP award and to already been holding the Microsoft MVP (Enterprise Mobility) award for seven years! Just awesome! No other words. Of course none of this would be possible without the support of my great family! I love them and couldn’t do this without their support! With their support, I’m ready for another awesome year! 

Monitoring Windows Autopilot deployments with Azure Logic Apps and Adaptive Cards for Teams

This week is another follow-up on the last couple of weeks. The last couple of weeks the focus was on monitoring the status of the different connectors, certificates and tokens, while this week the focus is on monitoring deployments. More specifically, on monitoring Windows Autopilot deployments. Especially when dealing with many (remote) Windows Autopilot deployments, it can be useful to retrieve some deployment triggers without constantly having to check the Microsoft Endpoint Manager admin center. That can help with getting a good feeling about the stability and with getting triggered when users deal with failed Windows Autopilot deployments (as not all users call IT about failures). This post walks through the main components that are required to query Windows Autopilot deployment status information in Microsoft …

Read more

Collection of information for monitoring the status of connectors, certificates and tokens

This week is a follow-up on last week. Last week the focus was on providing an example for monitoring the Apple MDM push certificate with Azure Logic Apps and Adaptive Cards for Teams and this week the focus is on providing more endpoints in Microsoft Graph that can be used for monitoring all different connectors, certificates and tokens. This blog post will provide a collection of the different endpoints, the properties to verify and example queries to use. All summarized in tables, including links to the documentation. The following connectors, certificates and tokens are addressed within this post. Note: This list of connectors, certificates and tokens is made based on the information available within Microsoft Endpoint Manager admin center (Tenant administration > Connectors and tokens). …

Read more

Monitoring Apple MDM push certificate with Azure Logic Apps and Adaptive Cards for Teams

This new year starts again with something completely new. That means, some of the technology hasn’t be part of any of the posts on this blog before. This post will provide a look at using Azure Logic Apps for querying Microsoft Intune (via Microsoft Graph) and posting the results in Microsoft Teams. That’s an awesome combination for automating administrative tasks and triggering IT administrators to perform actions. The idea of this post is to show the power of that combination and to show the simplicity to automate administrative tasks. This post provides a simple example that will query status information about the Apple MDM push certificate in Microsoft Intune and posts that information in an adaptive card in a Microsoft Teams chat, when action is …

Read more

Getting started with Remote help for Windows devices

This week is all about getting started with Remote help for Windows devices. Remote help is recently introduced as a new feature in Microsoft Intune that can be used for providing remote assistance to users on Windows devices. It looks a lot like the existing Quick Assist app on Windows, but it has a few big advantages. It integrates with Microsoft Endpoint Manager for providing remote assistance to managed devices, it integrates with Azure Active Directory for providing authentication and compliance information, and it provides a better administrator experience. There are communication options with the user and there is the ability to work with elevated permissions. This post will go through the steps for configuring Remote help in the tenant and through the steps for …

Read more

Working with custom compliance settings

This week is all about the latest capabilities that are available within compliance policies. Those capabilities are custom compliance settings. Custom compliance settings enable the IT administrator to basically check for anything and to use that for the compliance state of the device. The IT administrator can use PowerShell script in the custom compliance setting, to verify the status of anything that is available on the device. The results can be compared to rules and values that are configured in a JSON file. The result of that comparision can be used as part of the compliance policy. This post will proivde a quick introduction to custom compliance settings, followed with the steps to create the require PowerShell script and JSON file. This post will end …

Read more

Getting started with Security Management for Microsoft Defender for Endpoint

This week is all about Security Management for Microsoft Defender for Endpoint. Security Management for Microsoft Defender for Endpoint is the new configuration channel that can be used for managing the security configuration for Microsoft Defender for Endpoint (MDE) on devices that are not enrolled into Microsoft Endpoint Manager (MEM). Not in Microsoft Intune, nor in Configuration Manager. With that new configuration channel, MDE retrieves, enforces, and reports on the policies that are assigned via MEM. After onboarding to MDE, the devices are automatically joined to Azure AD and become visible in the MEM (and Azure AD and Microsoft 365 Defender). Within MEM those devices are marked as managed by MDE. This post will go through the steps to configure the required tenant configurations, the …

Read more

Different options for upgrading devices to Windows 11

This week is again all about upgrading devices to Windows 11, by using Microsoft Intune. When discussing the upgrade to Windows 11, the first and foremost thing to mention is that managed devices won’t automatically upgrade to Windows 11. There is always an action required by the IT administrator to make sure that managed devices are allowed to upgrade to Windows 11. The options to configure those managed devices, however, were limited when using Microsoft Intune. That has changed with the latest service release (2111) of Microsoft Intune. That service release introduced a few more options for managing and controlling the upgrade to Windows 11. This post will go through those different methods for upgrading devices to Windows 11, followed the configuration options for those …

Read more

Managing Windows Insider Preview Builds within the organization

This week is al around managing Windows Insider Preview Builds. Even though it’s not a new subject, it’s good to at least get a refresher. Especially when mentioning the Windows Insider Preview for Business program, as it’s often still unknown. The fun part, however, is that it’s actually pretty simple to get started. For organizations, the Windows Insider Preview for Business program enables them not having to register each device or user in the program and to easily set important policies around preview builds. The only requirement is to register an Azure AD tenant, so it can be used for authentication.This post walks through that requirement and more, as prequisites for configuring Windows Insider Preview Builds within the organization, followed with the steps for creating …

Read more

Allowing users to opt-in for Windows 11 by using access packages

This week is all about providing users with an easy method to opt-in for using Windows 11. That easy method can be created by using standard functionality that is provided by Azure AD entitlement management – an identity governance feature – and that can be used to automate access request workflows, access assignments, reviews, and expiration. More specifically, entitlement management introduces the concept of an access package and those packages provide an easy method to govern access. In a way, an access package can be used to create a simple automated flow to allow users to opt-in for Windows 11. That can be achieved adding the user to an Azure AD group and using that group for the assignment of a feature update deployment. This …

Read more